6 matches found
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-26981 via openexr (>=3.4.12 <=3.4.4)
openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-26981 Source advisory: OSV:GHSA-Q6VJ-WXVF-5M8C...
Fedora: Security Advisory (FEDORA-2026-f958585e24)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 44 : mingw-openexr (2026-4656ccedf8)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4656ccedf8 advisory. Update to openexr-3.4.6 resp 3.3.8. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
CVE-2026-26981
A flaw was found in OpenEXR. A remote attacker could exploit a heap-buffer-overflow vulnerability in the istreamnonparallelread function by tricking a user into opening a specially crafted EXR file. This occurs when a signed integer subtraction results in a negative value that is then converted t...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-26981 via openexr (>=3.4.12 <=3.4.4)
openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-26981 Source advisory: SNYK:PYTHON-OPENEXR-15338791...
CVE-2026-26981
OpenEXR CVE-2026-26981 affects 3.3.0–3.3.6 and 3.4.0–3.4.4; a heap-buffer-overflow (OOB read) occurs in istream_nonparallel_read in ImfContextInit.cpp when parsing a malformed EXR via a memory-mapped IStream. A signed integer subtraction becomes a negative value that is implicitly cast to size_t,...